
Applicable Products

Part number Description
ZETA-GEP-LTE4 (EU) Low Power LTE Cat 4 European Modem with GPIO and GNSS
ZETA-G-GPRS Entry Level GPRS Modem with GNSS (GL)
ZETA-N2-GPRS Entry Level GPRS Modem (GL)
ZETA-NEP-LTE4 (EU) Low Power LTE Cat 4 European Modem with GPIO
ZETA-NEP-LTEM (GL) Low Power Global LTE Cat M Modem with GPIO
ZETA-NLP-LTE1 (EU) Ultra Low Power European LTE Cat 1 Modem
ZETA-NLP-LTEM (GL) Ultra Low Power Global LTE Cat M Modem
ZETA-N-LTE (EU) High Performance LTE Cat 4 Modem with GPIO
ZETA-NSP-LTE1 (EU) Low Power European LTE Cat 1 Modem

Objective

MQTT stands for Message Queuing Telemetry Transport. It is a simple, lightweight protocol for transmitting and receiving data on IoT devices; it uses very little power, needs only a low data rate and is easy to deploy.

The purpose of connecting a Siretta Modem with an MQTT broker using the MQTT protocol is to facilitate reliable and efficient communication in a distributed network or IoT environment. This is particularly important where network bandwidth and resources are limited, or devices possess limited processing capabilities, and network connectivity is often unstable.

Some of the benefits of connecting a Siretta Modem to an MQTT broker include the following:

  1. Asynchronous communication:  Devices can send and receive messages asynchronously without waiting for a response. This can conserve network resources, reduce system latency and make the system more responsive.
  2. Decentralised architecture: The devices do not need to be aware of each other’s existence or have knowledge of the network topology. The broker takes care of routing the messages to their destination and does not rely on a central server, so the system is more resilient to failures and more scalable, as the broker can handle multiple connections and messages simultaneously.
  3. Reliability: MQTT includes mechanisms that provide reliable messages with delivery guarantees, even in the presence of poor network connectivity or where devices may be temporarily offline.
  4. Publish/Subscribe model: MQTT uses a publish/subscribe messaging model, allowing publishers to send messages to topics and subscribers to receive messages from topics they have subscribed to.
  5. Security: MQTT can support secure communication with encryption and authentication mechanisms providing a secure and reliable means of transmitting data which is essential in many applications where sensitive or confidential data is being transmitted.

For details of using MQTT without SSL please refer to the application note: https://www.siretta.com/2023/05/how-to-connect-a-siretta-modem-to-an-mqtt-broker-without-ssl-certificate/

Solution

Connecting a Siretta Modem to an MQTT server using SSL (Secure Sockets Layer) is important where sensitive information is being transmitted as this provides an additional layer of security to protect against unauthorized access and ensure confidentiality, integrity, and authenticity of the transmitted data. Here are some more reasons why you may wish to connect to an MQTT server using SSL:

  1. Encryption: SSL uses cryptographic algorithms to encrypt the data making it unreadable to anyone except the intended recipient.
  2. Authentication of the Server: SSL certificates provide a way to verify the identity of the server and ensure the client is communicating with the correct server. This helps prevent man-in-the-middle attacks where a third party could intercept and modify the communication.
  3. Authentication of the Client: This ensures only authorized clients can access the server.
  4. Compliance with security standards: Many industries and applications require compliance with security standards such as GDPR and HIPAA, and using SSL with MQTT can help ensure compliance.

This application note covers how to connect a Siretta Modem to an MQTT Broker using an SSL/TLS certificate.

SSL/TLS enables an encrypted connection between an MQTT Broker and a Siretta Modem using a secure socket connection for secure data transmissions.

The application note “How to Connect a Siretta Modem to an MQTT Broker without an SSL Certificate” should be read beforehand and referred to throughout this guide. It can be downloaded from the following link: https://www.siretta.com/2023/05/how-to-connect-a-siretta-modem-to-an-mqtt-broker-without-ssl-certificate/ and is a vital document for this guide.

Demonstration of Solution

Requirements

Note: For this guide the following free MQTT broker was used: https://mqtt.siretta.com/. Users have to source their own MQTT Broker suitable for their application, or may use this one for testing purposes, subject to its availability.

  • Certificate Authority: In PEM format.
  • All requirements from “How to Connect a Siretta Modem to an MQTT Broker without SSL Certificate.”

Obtaining an SSL/TLS certificate

Note: If you already have a certificate in PEM format then you can skip steps 1 to 13 and continue with step 14 below.

  1. Open the MQTT Broker URL https://mqtt.siretta.com/ using the Mozilla Firefox browser.
  2. Click the security icon (circled red in the screenshot).
  3. You will be presented with a panel like the one in the screenshot.
  4. Click the “Connection secure” option.
  5. You will be presented with a further panel like the one in the screenshot.
  6. Click the “More information” tab; you will be presented with a window like the one in the screenshot.
  7. Click the “View Certificate” tab (in the red rectangle); you will be presented with a page like the one in the screenshot.
  8. Click PEM (Cert), circled in red, to download the SSL certificate in PEM format.
  9. Wait for the download to complete.
  10. Check the download folder on your PC to confirm that the certificate has been downloaded successfully.
  11. If successful, you will see the certificate file in the folder.
  12. Right click the file to obtain its exact size in bytes.
  13. Note down the size of the PEM file in bytes (for this guide it is 716 bytes).

Modem Setting.

14. Follow steps 1 to 30 of the “How to Connect a Siretta Modem to an MQTT Broker without an SSL Certificate” application note.

15. Issue the following AT command – AT#MQCFG=1, mqtt.siretta.com,8883,1,1 to set the MQTT broker details and enable SSL.

Where:
AT#MQCFG=<Instance_number>, <host_name>, <port>, <cid>, <ssl_en>

• Instance_number is 1 for this setting.
• Host name is the URL of the MQTT broker (For this guide the following URL was used mqtt.siretta.com)
• Port is the MQTT Broker SSL/TLS Port number (For this guide 8883 was used).
• cid is the PDP context to be used (For this guide 1 was used).
• ssl_en enables or disables SSL: use 0 to disable SSL or 1 to enable SSL. (For this guide 1 was used).

Note: The MQTT broker URL and port used above are available for free for testing MQTT clients from the following link: https://mqtt.siretta.com/. The user may have to source their own MQTT broker.

COM12 – Tera Term VT
AT#MQCFG=1, mqtt.siretta.com,8883,1,1

OK

16. Receive OK when successful.

17. Issue the following AT command. AT#MQCFG? to confirm MQTT Broker details and SSL state.

COM12 – Tera Term VT
AT#MQCFG?

#MQCFG=1, "mqtt.siretta.com",8883,1,1

OK

18. Issue the following AT command to check and configure additional parameters of the SSL connection.
AT#SSLSECCFG2=?

19. You will receive the results in the format below when successful.
#SSLSECCFG2=<SSId>, <version> [, <unused_A> [, <unused_B> [, <unused_C> [, <unused_D>]]]]

COM12 – Tera Term VT
AT#SSLSECCFG2=?

#SSLSECCFG2: (1), (0-2), (0), (0), (0), (0)

OK

where: –

• SSId is the secure socket identifier, which is 1.
Note: The current firmware only supports one secure socket connection at a time.
• Version is the SSL/TLS protocol version.
• Below is the list of supported versions.
0 – Option is protocol version TLSv1.0
1 – Option is protocol version TLSv1.1
2 – Option is protocol version TLSv1.2
• Unused A, B, C and D are reserved for future use.

20. Issue the following AT command to check the current configuration.

AT#SSLSECCFG2?

21. Receive below when successful.

COM12 – Tera Term VT
AT#SSLSECCFG2?

#SSLSECCFG2:1,2,0,0,0,0

OK

22. Leave the default version of 2 (protocol version TLSv1.2) for the purpose of this guide.

23. Use the following AT command to check the supported security parameters.
AT#SSLSECCFG=?

24. Receive results in the format below when successful.
#SSLSECCFG= <SSId>, <CipherSuite>, <auth_mode> [, <cert_format>]

Where:

• SSId is the secure socket identifier, which is 1
• CipherSuite (choose an option from the list below):
0 – Cipher Suite is chosen by remote Server [default]
1 – TLS_RSA_WITH_3DES_EDE_CBC_SHA
2 – TLS_RSA_WITH_AES_128_CBC_SHA
3 – TLS_RSA_WITH_AES_128_CBC_SHA256
4 – TLS_RSA_WITH_AES_256_CBC_SHA
5 – TLS_RSA_WITH_AES_256_CBC_SHA256
6 – TLS_DHE_RSA_WITH_AES_128_CBC_SHA
7 – TLS_DHE_RSA_WITH_AES_256_CBC_SHA
8 – TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
9 – TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
10 – TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
• auth_mode (choose an option from the list below):
0 – SSL Verify [default]
1 – Manage server authentication.
2 – Manage server and client authentication if requested by the remote server.
• cert_format (choose an option from the list below):
0 – DER format
1 – PEM format [default]

COM12 – Tera Term VT
AT#SSLSECCFG=?

#SSLSECCFG: (1), (0-10), (0-2), (0,1)

OK

25. Issue the following AT command to configure the security parameters: AT#SSLSECCFG=1,0,0,1

26. Receive OK when successful.

27. Issue the following AT command to confirm the security settings: AT#SSLSECCFG?

28. Receive below when successful.

COM12 – Tera Term VT
AT#SSLSECCFG=1,0,0,1

OK

AT#SSLSECCFG?

#SSLSECCFG:1,0,0,1

OK

29. Issue an AT command in the format below to configure and store certificate details into the modem NVM.
AT#MQSCFG=<instance_number>, <cert_type>, <set> [, <size>]

Where:
• instance_number is 1 for this setting.
• cert_type is the certificate type; choose from the options below:
0 – for CA certificate
1 – for Client cert
2 – for Client key
• set – choose from two options: 1 to set the selected item and 0 to unselect it.
• size – certificate size in bytes.

30. Issue the following AT command to store the certificate in the modem.
AT#MQSCFG=1,0,1,716

31. Receive below when successful.

COM12 – Tera Term VT
AT#MQSCFG=1,0,1,716

>

 

32. Click File option in a Tera Term window.

33. Select send file option.

34. You will be presented with a page like the one below.

35. Select the certificate file from the location where it was downloaded or stored on the PC. (For this guide mqtt-siretta-com.pem was used).

36. Click Open.

37. You will see the certificate in a Tera Term window as shown below.

Note: At this stage set Tera Term to transmit “CR+LF” in a New – line as seen below.

38. Click OK.

39. You will see the certificate, from beginning to end, in the Tera Term window.

40. Receive OK when successful.

41. Issue the following AT command to connect to the MQTT broker using SSL, username, and password.
AT#MQCONN=1, mqtt.siretta.com, siretta, s1r3tt4

42. Receive OK when successful.

43. Issue the following AT command to check the status of MQTT.
AT#MQCONN?

COM12 – Tera Term VT
AT#MQCONN=1, mqtt.siretta.com, siretta, s1r3tt4

OK

AT#MQCONN?

#MQCONN: 1,2

OK

44. You have successfully connected to the MQTT broker using SSL/TLS, username, and password.

Note: Once you are connected to the MQTT Broker using SSL/TLS, you can subscribe to a different topic to receive information from the publisher via a Secured MQTT protocol. You can publish a message which subscribers will be able to view.

Note: The command AT#MQCONN=1, mqtt.siretta.com, siretta, s1r3tt4 was used because the MQTT broker requires authentication (username/password) with an SSL certificate. If your selected MQTT broker uses a certificate without authentication then use the following command instead: AT#MQCONN=<instance number>, "<ClientID>"

Below is the list of all AT commands used for this guide.

COM12 – Tera Term VT
AT

OK

AT+CMEE=2

OK

AT+CREG?

+CREG: 0,1

OK

AT+CGDCONT=1,"IP","wlapn4.com"

OK

AT#SGACT=1,1,"OLANCHAG","OLANCHAG"

#SGACT: 10.127.93.4

OK

AT#MQEN=1,1

OK

AT#MQVCFG=1,5

OK

AT#MQTCFG=1,10

OK

AT#MQCFG=?

#MQCFG: (1-2),,(1-65535), (1-16), (0-1)

OK

AT#MQCFG=1, mqtt.siretta.media, 8883,1,1

OK

AT#MQCFG?

#MQCFG: 1,"mqtt.siretta.media",8883,1,1

OK

AT#MQCFG?

#MQCFG: 1,"mqtt.siretta.media",8883,1,1

OK

AT#SSLSECCFG=1,0,0,1

OK

AT#SSLSECCFG?

#SSLSECCFG: 1,0,0,1

OK

AT#MQSCFG=1,0,1,716

>

OK

AT#MQCONN=1, mqtt.siretta.com, siretta, s1r3tt4

OK

AT#MQCONN?

#MQCONN: 1,2

OK
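
A check for the settings confirmed in steps 17 to 28, as an added example that is not part of the original application note: it parses the read-command responses and flags choices from this guide's option tables that weaken the connection. The transcript is constructed from the responses shown in this guide, and treating auth_mode 0 as performing no server certificate check is an assumption drawn from the option list, where server authentication is handled by modes 1 and 2.

```python
import re
# Option tables as listed in this guide for #SSLSECCFG2 and #SSLSECCFG.
TLS_VERSIONS = {0: "TLSv1.0", 1: "TLSv1.1", 2: "TLSv1.2"}
CIPHERS = {
    0: "chosen by remote server",
    1: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 2: "TLS_RSA_WITH_AES_128_CBC_SHA",
    3: "TLS_RSA_WITH_AES_128_CBC_SHA256", 4: "TLS_RSA_WITH_AES_256_CBC_SHA",
    5: "TLS_RSA_WITH_AES_256_CBC_SHA256", 6: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    7: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA", 8: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    9: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256", 10: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
}

# Constructed sample: read-command responses in the form shown in this guide.
SAMPLE = '''AT#MQCFG?
#MQCFG: 1,"mqtt.siretta.com",8883,1,1
OK
AT#SSLSECCFG2?
#SSLSECCFG2:1,2,0,0,0,0
OK
AT#SSLSECCFG?
#SSLSECCFG: 1,0,0,1
OK
'''

RESPONSE = re.compile(r'^#(MQCFG|SSLSECCFG2|SSLSECCFG)\s*[:=]\s*([^()]+)$')

def parse(transcript):
    """Map response name -> list of fields; '=?' range replies (with parentheses) are skipped."""
    out = {}
    for line in transcript.splitlines():
        m = RESPONSE.match(line.strip())
        if m:
            out[m.group(1)] = [f.strip().strip('"') for f in m.group(2).split(",")]
    return out

def audit(transcript):
    cfg, findings = parse(transcript), []
    if "MQCFG" in cfg and cfg["MQCFG"][4] != "1":
        findings.append("MQCFG: ssl_en=0, broker connection is not encrypted")
    if "SSLSECCFG2" in cfg and int(cfg["SSLSECCFG2"][1]) < 2:
        ver = TLS_VERSIONS[int(cfg["SSLSECCFG2"][1])]
        findings.append(f"SSLSECCFG2: {ver} selected, prefer 2 (TLSv1.2)")
    if "SSLSECCFG" in cfg:
        cipher, auth = int(cfg["SSLSECCFG"][1]), int(cfg["SSLSECCFG"][2])
        if "3DES" in CIPHERS[cipher]:
            findings.append(f"SSLSECCFG: weak cipher suite {CIPHERS[cipher]}")
        if auth == 0:  # assumption: mode 0 performs no server certificate check
            findings.append("SSLSECCFG: auth_mode=0, server authentication (1 or 2) not selected")
    return findings
```

Run against the configuration used in this guide (AT#SSLSECCFG=1,0,0,1), the audit reports the auth_mode finding; selecting auth_mode 1 with the CA certificate stored through AT#MQSCFG clears it.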

More information about Siretta’s modems can be found at the following link: https://www.siretta.com/products/industrial-modems/

Additional Reading

  • Modem Starter Kit Quick Start Guide: ZETA-xxP Quick Start Guide (Author: Siretta)
  • AT command manual (Author: Telit)
  • Initial Modem Setup Guide (Author: Siretta)
  • Link to download Tera Term: https://osdn.net/projects/ttssh2/downloads/68252/teraterm-4.96.exe/ (Author: OSDN)
